1  Computer Security / Bugs and Exploits / sqlmap having problems on BackTrack 5, "ID not injectable"?? Is Havij superior??? on: 10 April 2012, 00:13 am
Greetings,
I send a warm greeting to everyone.

I come with a question that still doesn't seem to have a solution, and I want to think it is a problem with the Linux kernel, some hidden command somewhere, or maybe sqlmap is just not as good as Havij. I can't find any solution on Saint Google.

When performing an audit I almost always get this:

    starting at 04:53:09

[04:53:09] [INFO] using '/pentest/web/scanners/sqlmap/output/www.myfourthirds.com/session' as session file
[04:53:09] [INFO] testing connection to the target url
[04:53:10] [INFO] heuristics detected web page charset 'ascii'
[04:53:10] [WARNING] the web server responded with an HTTP error code (400) which could interfere with the results of the tests
[04:53:10] [INFO] testing if the url is stable, wait a few seconds
[04:53:12] [INFO] url is stable
[04:53:12] [INFO] testing if GET parameter 'id' is dynamic
[04:53:12] [WARNING] GET parameter 'id' appears to be not dynamic
[04:53:12] [WARNING] heuristic test shows that GET parameter 'id' might not be injectable
[04:53:12] [INFO] testing sql injection on GET parameter 'id'
[04:53:12] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
[04:53:17] [INFO] testing 'MySQL >= 5.0 AND error-based - WHERE or HAVING clause'
[04:53:18] [INFO] testing 'PostgreSQL AND error-based - WHERE or HAVING clause'
[04:53:20] [INFO] testing 'Microsoft SQL Server/Sybase AND error-based - WHERE or HAVING clause'
[04:53:21] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)'
[04:53:23] [INFO] testing 'MySQL > 5.0.11 stacked queries'
[04:53:24] [INFO] testing 'PostgreSQL > 8.1 stacked queries'
[04:53:25] [INFO] testing 'Microsoft SQL Server/Sybase stacked queries'
[04:53:30] [INFO] testing 'MySQL > 5.0.11 AND time-based blind'
[04:53:35] [INFO] testing 'PostgreSQL > 8.1 AND time-based blind'
[04:53:36] [INFO] testing 'Microsoft SQL Server/Sybase time-based blind'
[04:53:38] [INFO] testing 'Oracle AND time-based blind'
[04:53:42] [INFO] testing 'MySQL UNION query (NULL) - 1 to 10 columns'
[04:55:08] [INFO] testing 'Generic UNION query (NULL) - 1 to 10 columns'
[04:55:08] [WARNING] using unescaped version of the test because of zero knowledge of the back-end DBMS. You can try to explicitly set it using the --dbms option
[04:56:56] [WARNING] GET parameter 'id' is not injectable
[04:56:56] [CRITICAL] all parameters appear to be not injectable. Try to increase --level/--risk values to perform more tests. Also, you can try to rerun by providing either a valid --string or a valid --regexp, refer to the user's manual for details
[04:56:56] [WARNING] HTTP error codes detected during testing:
400 (Bad Request) - 159 times


Any suggestion will be welcome.
Thanks
  Regards,
   teresa
 ;D


NOTE: On the forum I found a reply to a post that caught my attention.
berz3k: analyzing all the tables and columns is very slow; find where to inject and continue manually from there... As I understand it, that means using sqlmap for something specific...

 